Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-31500

Best Practical RT (Request Tracker) 5.0 through 5.0.7 allows XSS via JavaScript injection in an Asset name.

Published

2025-05-28T18:15:26.700

Last Modified

2025-06-09T18:58:52.700

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application bestpractical request_tracker < 5.0.8 Yes
References